<?php
// Directory of the WHMCS installation, relative to the web server's document root.
$whmcs_path = "whmcs";
// The mysql_* calls below use the default connection, so dbconnect.php is presumably
// where that connection (and the session) is set up - TODO confirm.
require($_SERVER['DOCUMENT_ROOT']."/".$whmcs_path."/dbconnect.php");

// Authorisation gate: only a logged-in admin whose role carries permission id 9 may
// continue. The session value is forced to an integer before it reaches the SQL text.
// A failed lookup yields a falsy row count, so the check fails closed.
// NOTE(review): the meaning of permid 9 is not visible in this file - confirm it is the
// permission intended to guard approve/revoke/notify.
$hasPermission = false;
if (isset($_SESSION["adminid"]))
{
	$adminId = intval($_SESSION["adminid"]);
	$hasPermission = (bool) mysql_num_rows(mysql_query("SELECT permid FROM tbladmins JOIN tbladminperms ON tbladmins.roleid = tbladminperms.roleid WHERE permid=9 AND tbladmins.id=". $adminId));
}
if (!$hasPermission)
{
	exit("Access Denied");
}

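/**
 * Marks a client as approved in mod_cinfo, snapshotting the contact details that
 * tblclients currently holds for that client.
 *
 * An existing mod_cinfo row is updated (approved = 1, noticecount reset to 0);
 * otherwise a new row is inserted.
 *
 * @param int $cid Client id (tblclients.id / mod_cinfo.id).
 * @return string "1" on success, "Invalid Client ID" when tblclients has no such row,
 *                otherwise the text of mysql_error().
 */
function approve($cid)
{
  // Enforce the integer type here rather than trusting every caller to do it:
  // the id is concatenated straight into the SQL text below.
  $cid = (int) $cid;

  $r = mysql_query("SELECT * FROM tblclients WHERE (id=".$cid.");");
  if (!$r || !mysql_num_rows($r))
    return "Invalid Client ID";
  $client = mysql_fetch_assoc($r);

  // The profile values are copied from one table into another SQL statement. Data read
  // back from the database is not safe to splice into SQL as-is: a quote in a name or
  // address would break the statement or alter it (second-order SQL injection), so
  // every value is escaped for the current connection first.
  $columns = array("firstname", "lastname", "email", "address1", "address2", "city", "country", "phonenumber");
  $safe = array();
  foreach ($columns as $column)
    $safe[$column] = mysql_real_escape_string($client[$column]);

  $r = mysql_query("SELECT * FROM mod_cinfo WHERE (id=".$cid.");");
  if ($r && mysql_num_rows($r))
  {
    $assignments = array();
    foreach ($safe as $column => $value)
      $assignments[] = $column."='".$value."'";
    $sql = "UPDATE mod_cinfo SET ".implode(", ", $assignments).", approved = 1, approvaldate = CURDATE(), noticecount=0 WHERE (id=".$cid.");";
  }
  else
  {
    $sql = "INSERT INTO mod_cinfo (id, firstname, lastname, email, address1, address2, city, country, phonenumber, approved, approvaldate, noticecount, lastnotice) VALUES ('".$cid."', '".implode("', '", $safe)."', 1, CURDATE(), 0, CURDATE() );";
  }

  if (mysql_query($sql))
    return "1";
  return mysql_error();
}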

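/**
 * Withdraws a client's approval: sets approved = 0 and noticecount = 0 on the
 * client's mod_cinfo row.
 *
 * @param int $cid Client id (mod_cinfo.id).
 * @return string "1" on success, otherwise the text of mysql_error(). When the client
 *                simply has no mod_cinfo row no query has failed, so that text is
 *                the empty string.
 */
function revoke($cid)
{
  // The id is concatenated into the SQL text, so the integer type is enforced here
  // instead of relying on each caller having sanitised it.
  $cid = (int) $cid;

  $r = mysql_query("SELECT * FROM mod_cinfo WHERE (id=".$cid.");");
  // A failed SELECT returns false; test it before asking for a row count.
  if ($r && mysql_num_rows($r) && mysql_query("UPDATE mod_cinfo SET approved = 0, noticecount = 0 WHERE (id=".$cid.");"))
    return "1";
  return mysql_error();
}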

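/**
 * Sends a "Client Contact Request #N" e-mail through the remote API and, when the API
 * reports success, records the notice in mod_cinfo (increments noticecount and stamps
 * lastnotice, or inserts a fresh unapproved row).
 *
 * @param int $cid Client id (tblclients.id / mod_cinfo.id).
 * @return string|null "1" on success; "Invalid Client ID!" or "Client is already approved!"
 *                     when the request is refused; the text of mysql_error() when the
 *                     bookkeeping query fails; null after echoing an error message when
 *                     the API call fails or does not report success.
 */
function notify($cid)
{
  // The id is concatenated into several SQL statements below; enforce the integer type
  // here rather than depending on the caller.
  $cid = (int) $cid;

  $r = mysql_query("SELECT * FROM tblclients WHERE (id=".$cid.");");
  if (!$r || !mysql_num_rows($r))
    return "Invalid Client ID!";
  $client = mysql_fetch_assoc($r);

  $r = mysql_query("SELECT * FROM mod_cinfo WHERE (id=".$cid.");");
  if ($r && mysql_num_rows($r))
  {
    $cinfo = mysql_fetch_assoc($r);
    if ($cinfo["approved"])
      return "Client is already approved!";
    $noticecount = $cinfo["noticecount"]+1;
  }
  else
    $noticecount = 1;

  // NOTE(review): the API account name and password are embedded in this file, so
  // anyone who can read the source (repository, backup, misconfigured web server) holds
  // working API credentials. Move them to configuration stored outside the web root and
  // rotate them, since they have already been committed in clear text.
  $url = "https://secure.vinahost.vn/ac/includes/api.php";
  $username = "api.user.QQthtKo3R";
  $password = "8wZYKJ1aE90";
  $postfields = array();
  $postfields["username"] = $username;
  // Presumably the remote API expects the MD5 of the password - TODO confirm. The hash
  // is then password-equivalent, so it needs the same protection as the password.
  $postfields["password"] = md5($password);
  $postfields["action"] = "sendemail";
  $postfields["messagename"] = "Client Contact Request #".$noticecount;
  // NOTE(review): this "id" is a fixed value and does not depend on $cid. If the API
  // uses it to choose the recipient, every notice goes to the same client - confirm
  // whether it should be $cid.
  $postfields["id"] = "1219";

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_TIMEOUT, 100);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
  // Credentials travel in this request: state certificate and host-name verification
  // explicitly so a weakened server-wide cURL default cannot silently disable them.
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  $data = curl_exec($ch);
  $transportError = ($data === false) ? curl_error($ch) : "";
  curl_close($ch);

  // A transport failure (DNS, TLS, timeout) returns false; report it instead of trying
  // to parse it as a response.
  if ($data === false)
  {
    echo "The following error occured: ".$transportError;
    return;
  }

  // The response is a ";"-separated list of key=value pairs. Split each pair on the
  // first "=" only, and ignore fragments that carry no "=" at all.
  $results = array();
  foreach (explode(";", $data) as $pair)
  {
    $kv = explode("=", $pair, 2);
    if (count($kv) == 2)
      $results[$kv[0]] = $kv[1];
  }

  if (!isset($results["result"]) || $results["result"] != "success")
  {
    echo "The following error occured: ".(isset($results["message"]) ? $results["message"] : "");
    return;
  }

  $r = mysql_query("SELECT * FROM mod_cinfo WHERE (id=".$cid.");");
  if ($r && mysql_num_rows($r))
  {
    $sql = "UPDATE mod_cinfo SET noticecount=(noticecount+1), lastnotice=CURDATE() WHERE (id=".$cid.");";
  }
  else
  {
    // Profile values read from tblclients are escaped before being placed in the
    // INSERT: data that came out of the database can still contain quotes, and
    // unescaped it would break or alter the statement (second-order SQL injection).
    $columns = array("firstname", "lastname", "email", "address1", "address2", "city", "country", "phonenumber");
    $safe = array();
    foreach ($columns as $column)
      $safe[$column] = mysql_real_escape_string($client[$column]);
    $sql = "INSERT INTO mod_cinfo (id, firstname, lastname, email, address1, address2, city, country, phonenumber, approved, approvaldate, noticecount, lastnotice) VALUES ('".$cid."', '".implode("', '", $safe)."', 0, CURDATE(), 1, CURDATE() );";
  }

  if (mysql_query($sql))
    return "1";
  return mysql_error();
}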

// Request dispatcher. "op" selects the operation and "id" names the client; the id is
// reduced to an integer before it is handed to a handler. The handler's return value
// becomes the response body, and "0" is sent when no operation was run.
// NOTE(review): all three operations change state, yet they are read from $_REQUEST
// (so a plain GET is accepted) and no anti-CSRF token is checked in this file - confirm
// whether the surrounding application supplies that protection.
$op = isset($_REQUEST["op"]) ? $_REQUEST["op"] : null;
if ($op !== null && isset($_REQUEST["id"]))
{
  $clientId = intval($_REQUEST["id"]);
  switch ($op)
  {
    case "approve":
      exit(approve($clientId));
    case "revoke":
      exit(revoke($clientId));
    case "notify":
      exit(notify($clientId));
  }
}
exit("0");
?>